diff options
| author | Sander Vrijders <sander@ouroboros.rocks> | 2020-05-29 15:24:52 +0200 |
|---|---|---|
| committer | Sander Vrijders <sander@ouroboros.rocks> | 2020-05-29 15:24:52 +0200 |
| commit | 2e58331beaeace156d7a09cd10f6ae70d36ddfcd (patch) | |
| tree | 6285101b0cc2b5442f8c4c730005a20b5bd891cc | |
| parent | 373062e1222d8e8d0c54d2db3af9237d7c980ad0 (diff) | |
| download | website-2e58331beaeace156d7a09cd10f6ae70d36ddfcd.tar.gz website-2e58331beaeace156d7a09cd10f6ae70d36ddfcd.zip | |
content: Spell-check ovpn tutorial
| -rw-r--r-- | content/en/docs/Tutorials/ovpn-tut.md | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/content/en/docs/Tutorials/ovpn-tut.md b/content/en/docs/Tutorials/ovpn-tut.md index 882ea03..69c1e95 100644 --- a/content/en/docs/Tutorials/ovpn-tut.md +++ b/content/en/docs/Tutorials/ovpn-tut.md @@ -9,10 +9,10 @@ description: > This tutorial explains how to create an encrypted tunnel for IP traffic. --- -We recently added 256-bit ECDHE-AES encryption to Ouroboros (in the -_be_ branch). This tutorial shows how to create an *encrypted IP -tunnel* using the Ouroboros VPN (ovpn) tool, which exposes _tun_ -interfaces to inject Internet Protocol traffic into an Ouroboros flow. +We recently added 256-bit ECDHE-AES encryption to Ouroboros. This +tutorial shows how to create an *encrypted IP tunnel* using the +Ouroboros VPN (ovpn) tool, which exposes _tun_ interfaces to inject +Internet Protocol traffic into an Ouroboros flow. We'll first illustrate what's going on over an Ethernet loopback adapter and then show how to create an encrypted tunnel between two @@ -27,7 +27,7 @@ To run this tutorial, make sure that [openssl](https://www.openssl.org) is installed on your machine(s) and get the latest version of Ouroboros. -```bash +```console $ git clone https://ouroboros.rocks/git/ouroboros $ cd ouroboros $ mkdir build && cd build @@ -37,10 +37,10 @@ $ make && sudo make install # Encrypted tunnel over the loopback interface -Open a terminal window and start ouroboros (add --stdout to log to +Open a terminal window and start ouroboros (add \-\-stdout to log to stdout): -```bash +```console $ sudo irmd --stdout ``` @@ -49,16 +49,16 @@ so we'll create a layer _my\_layer_ consisting of a single ipcp-eth-dix named _dix_, register the name _my\_vpn_ for the ovpn server in _my\_layer_, and bind the ovpn binary to that name. -```bash +```console $ irm ipcp bootstrap type eth-dix name dix layer my_layer dev lo -$ irm reg name my_vpn layer my_layer +$ irm name reg my_vpn layer my_layer $ irm bind program ovpn name my_vpn ``` We can now start an ovpn server on 127.0.0.3. This tool requires superuser privileges as it creates a tun device. -```bash +```console $ sudo ovpn --ip 127.0.0.3 --mask 255.255.255.0 ``` @@ -66,7 +66,7 @@ From another terminal, we can start an ovpn client to connect to the server (which listens to the name _my\_vpn_) and pass the \-\-crypt option to encrypt the tunnel: -```bash +```console $ sudo ovpn -n my_vpn -i 127.0.0.8 -m 255.255.255.0 --crypt ``` @@ -74,7 +74,7 @@ The ovpn tool now created two _tun_ interfaces attached to the endpoints of the flow, and will act as an encrypted pipe for any packets sent to that interface: -```bash +```console $ ip a ... 6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500 @@ -96,24 +96,24 @@ send some ping traffic into the other _tun_ interface. The encrypted traffic can be shown by tcpdump on the loopback interface. Open two more terminals: -```bash +```console $ sudo tcpdump -i tun1 ``` -```bash +```console $ sudo tcpdump -i lo ``` From another terminal, send some pings into the other endpoint: -```bash +```console $ ping 10.10.10.1 -I tun0 ``` The pings will timeout, but the tcpdump on the _tun1_ interface will show the ping messages arriving: -```bash +```console $ sudo tcpdump -i tun1 [sudo] password for dstaesse: tcpdump: verbose output suppressed, use -v or -vv for full protocol decode @@ -127,7 +127,7 @@ While the tcpdump on the loopback shows the AES encrypted traffic that is actually sent on the flow (and not visible to the legacy "network" below: -```bash +```console $ sudo tcpdump -i lo tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes @@ -175,21 +175,21 @@ sport option. On both machines (fill in the correct IP address): -```bash +```console irm i b t udp n udp l my_layer ip <address> ``` On the server machine, bind and register the ovpn tool as above: -```bash -$ irm reg name my_vpn layer my_layer +```console +$ irm name reg my_vpn layer my_layer $ irm bind program ovpn name my_vpn ``` On the _client_ machine, add a DNS entry for the MD5 hash for "my_vpn" with the server IP address to /etc/hosts: -```bash +```console $ cat /etc/hosts # Static table lookup for hostnames. # See hosts(5) for details. @@ -200,16 +200,16 @@ $ cat /etc/hosts ``` -and you should be able to create the ovpn tunnel as above. +Now, you should be able to create the ovpn tunnel as above. On the server: -```bash +```console $ sudo ovpn --ip 127.0.0.3 --mask 255.255.255.0 ``` And on the client: -```bash +```console $ sudo ovpn -n my_vpn -i 127.0.0.8 -m 255.255.255.0 --crypt ``` |